Scalable, Resilient, and Secure: INX’s Cloud Journey with AWS and Profisea
The INX Digital Company, Inc. is undeniably succeeding in bringing the future of finance into reality, having already developed distinctive technology that ensures the fast, secure, and well-regulated trading of digital assets. With INX’s unique combination of expertise in traditional markets and a disruptive fintech approach, the company has emerged as a leader in serving the digital asset industry.
The INX.One platform revolutionizes the spheres of investing and trading by seamlessly combining security tokens, cryptocurrencies, and capital raise services into a single, fully regulated platform. This innovative solution utilizes a unique API interface built on microservices, delivering an intuitive user experience to broker-dealers, corporate financiers, traders, investors, and market makers. With its powerful matching engine, comprehensive regulatory oversight, continuous operations, and prompt trading support, INX.One sets new standards in the industry.
Right from the start, INX made a conscious decision to operate within a regulated environment, prioritizing regulatory oversight and ensuring a safe and secure trading environment. To enhance their commitment to responsible trading across various asset classes, INX partnered with Profisea to introduce cutting-edge Amazon Web Services (AWS) and DevSecOps tools to their DevOps team. This collaboration aimed to seamlessly integrate cloud best practices into INX’s existing workflows, further fortifying their security measures and operational efficiency.
Amazon Web Services has become the best choice for implementing DevSecOps projects, owing to its exceptional capabilities and flexibility in providing a robust infrastructure. Whether it’s provisioning virtual machines, configuring containers, or deploying serverless architectures, AWS offers a highly flexible and scalable environment that can be customized to fit the unique needs of DevSecOps projects.
During the project, the Profisea team used the following AWS services: AWS Batch, AWS Lambda, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Elastic Container Registry (Amazon ECR), Amazon CloudWatch, AWS CloudTrail, Amazon EC2, Amazon EBS, Amazon S3, AWS Key Management Service (AWS KMS), AWS Secrets Manager, AWS Auto Scaling, AWS Config, AWS Security Groups, Amazon Route 53, and AWS SDK.
Additionally, AWS supports a rich ecosystem of third-party integrations, allowing companies to leverage a wide variety of DevSecOps solutions for continuous integration/continuous delivery (CI/CD), vulnerability scanning, threat detection, and compliance monitoring.
Achieving the Goals
Profisea, as an AWS Partner, successfully implemented a DevSecOps project for the INX infrastructure.
The project included the following activities:
- Employing roles for accessing AWS services like Amazon S3, AWS Secrets Manager, AWS Auto Scaling, etc.
- Rotating all users’ access keys every 80 days.
- Connecting a Lambda function to EventBridge. When an event indicates AWS_RISK_CREDENTIALS_COMPROMISED or AWS_RISK_CREDENTIALS_EXPOSED, the Lambda function automatically removes the key from the user and sends a notification to the Slack channel.
- Safeguarding all API requests to applications with Cloudflare.
- Tracking all API requests within the AWS account using AWS CloudTrail, which collects logs from all accounts and stores them in a single S3 bucket under the MNG account.
- Subjecting all application images to vulnerability assessments via Snyk during the build stage. Additionally, conducting image scanning in the ECR registry. For EKS nodes, the latest version of AMI from the AWS provider is utilized.
- Setting up the SSM:FileData template in AWS Config resource types by DevOps to detect changes in compute resources and store related logs in a separate service. Furthermore, configuring the AWS Systems Manager service to collect necessary information from all EC2 instances through the assigned role.
- Configuring EventBus and Lambda functions to track all Write API calls from the CloudTrail service and send notifications to the Slack channel. Additionally, forwarding all logs to OpenSearch, where a dedicated dashboard provides a comprehensive overview of security activities, such as root login, security group changes, unauthorized login, etc.
- Utilizing the AWS Config solution, the INX team tracks and automatically rectifies specific actions. Some cases are solely tracked without remediation, including ensuring S3 buckets are private, AWS Security Groups have no 0.0.0.0 routes, and EBS volumes are encrypted. Moreover, cloudwize.io monitors all compliance policies.
- Employing Certificate Manager in conjunction with Amazon Route 53 to create and automatically renew certificates for all applications. CloudWatch service monitors storage capacity and CPU utilization for EKS EC2 instances. Alarms are sent to the SNS topic to notify the NOC team.
- Preconfiguring the ELK dashboard to display application error rates (4XX, 5XX errors) associated with main components, alongside other dashboards containing metrics and thresholds for latency, total events, etc.
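The credential-exposure response described in the list above (EventBridge event, key removal, Slack notification), as an added example that is not INX's or Profisea's code. It assumes the affected access key ID arrives in detail.affectedEntities[].entityValue and that the Slack webhook URL is in a hypothetical SLACK_WEBHOOK_URL environment variable; the sample event is constructed.

```python
import json
import os
import urllib.request

# Event type codes named in the list above.
RISK_CODES = {"AWS_RISK_CREDENTIALS_COMPROMISED", "AWS_RISK_CREDENTIALS_EXPOSED"}

def handle_event(event, iam, notify):
    """Delete each access key named in a credential-risk event; return deleted IDs."""
    detail = event.get("detail", {})
    code = detail.get("eventTypeCode")
    if code not in RISK_CODES:
        return []  # unrelated event: take no action
    deleted = []
    for entity in detail.get("affectedEntities", []):
        key_id = entity.get("entityValue")  # assumption: this is the access key ID
        if not key_id:
            continue
        # Resolve the owning IAM user, then remove the key from that user.
        user = iam.get_access_key_last_used(AccessKeyId=key_id)["UserName"]
        iam.delete_access_key(UserName=user, AccessKeyId=key_id)
        deleted.append(key_id)
        # Report only the last four characters of the key ID to the channel.
        notify(f"{code}: deleted key ...{key_id[-4:]} of user {user} "
               f"in account {event.get('account', 'unknown')}")
    return deleted

def post_to_slack(text):
    """POST a message to a Slack incoming webhook (URL from a hypothetical env var)."""
    req = urllib.request.Request(
        os.environ["SLACK_WEBHOOK_URL"],
        data=json.dumps({"text": text}).encode(),
        headers={"Content-Type": "application/json"},
    )
    urllib.request.urlopen(req, timeout=5)

def lambda_handler(event, context):
    import boto3  # imported lazily so handle_event can be tested without AWS access
    return handle_event(event, boto3.client("iam"), post_to_slack)

# Constructed sample event in the assumed shape (documentation-style key ID).
SAMPLE_EVENT = {
    "account": "111122223333",
    "detail": {"eventTypeCode": "AWS_RISK_CREDENTIALS_EXPOSED",
               "affectedEntities": [{"entityValue": "AKIAIOSFODNN7EXAMPLE"}]},
}
```

The function's execution role needs only iam:GetAccessKeyLastUsed and iam:DeleteAccessKey, which keeps the remediation path itself least-privileged.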
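A sketch of the CloudTrail triage described in the list above (write API calls, root login, security group changes, unauthorized login), added here as an illustration and not taken from the INX deployment. The category names and the sample records are constructed; the field names are standard CloudTrail record fields.

```python
from collections import Counter

# EC2 API calls that modify security groups.
SG_CHANGES = {
    "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
    "CreateSecurityGroup", "DeleteSecurityGroup",
}

def classify(record):
    """Return the dashboard categories a single CloudTrail record falls into."""
    tags = []
    name = record.get("eventName", "")
    # CloudTrail sets readOnly=false on calls that change state.
    if record.get("readOnly") is False:
        tags.append("write_api_call")
    if name == "ConsoleLogin":
        if record.get("userIdentity", {}).get("type") == "Root":
            tags.append("root_login")
        # responseElements can be null in real records, hence the "or {}".
        if (record.get("responseElements") or {}).get("ConsoleLogin") == "Failure":
            tags.append("unauthorized_login")
    if name in SG_CHANGES:
        tags.append("security_group_change")
    return tags

def summarize(records):
    """Count how many records fall into each category."""
    return dict(Counter(tag for r in records for tag in classify(r)))

# Constructed sample records (not real log data).
SAMPLE_RECORDS = [
    {"eventName": "AuthorizeSecurityGroupIngress", "readOnly": False,
     "userIdentity": {"type": "IAMUser"}},
    {"eventName": "ConsoleLogin", "userIdentity": {"type": "Root"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser"},
     "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventName": "DescribeInstances", "readOnly": True, "responseElements": None},
]

if __name__ == "__main__":
    print(summarize(SAMPLE_RECORDS))
```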
Now, DevOps engineers leverage predefined common modules with specific module versions in Terraform for infrastructure provisioning and management. Environments are segregated by configuration files, where each environment uses its respective configuration file, and secrets are retrieved from AWS Secrets Manager.
In the CI/CD pipeline, the INX team leverages verification from the Snyk system. Vulnerabilities are also checked with tfsec, and when vulnerabilities are found, the pipeline is automatically blocked.
The adoption of best DevSecOps practices and AWS services brought significant improvements to INX, enhancing their security measures, mitigating the risk of security vulnerabilities, and reinforcing customer trust. In collaboration with Profisea, INX successfully developed a scalable, resilient, and secure cryptocurrency platform utilizing AWS cloud services. As a result, INX witnessed a notable reduction in time to market and maintained the stability of their trading environment, with an impressive uptime of 99.99%.
With Profisea’s continuous monitoring and support, INX can ensure the ongoing stability and optimal functionality of the platform, reinforcing its ethos of maintaining a secure and efficient trading environment.
Profisea: Best Cloud Solutions to Meet the Specific Requirements
Profisea, an Israeli boutique company specializing in DevOps and cloud solutions, is a trusted partner for organizations seeking to optimize their DevSecOps projects and for the successful implementation of overall cloud migration initiatives. With a deep understanding of industry best practices, Profisea excels in implementing DevOps, FinOps, GitOps, DevSecOps, and automated deployment of Kubernetes-based cloud environments.
Recognizing that every customer is unique, Profisea develops strategies tailored to the specific requirements of each, enabling maximum performance, cost reduction, waste reduction, faster time to market, and the establishment of an agile application life cycle.